Question About Configuring Multiple Gateways
Hello,

Recently, we've had a handful of firewall issues due to some questionable firmware upgrades we've performed and subsequent bugs attached to those upgrades. Every time the firewall goes down, our internal traffic here at our main site continues to work as intended, but our remote locations lose connectivity to our business software, which runs on a specified port. We have had the realization that we are configured incorrectly somewhere down the line and that we need to change our off-site location routers to point to a different gateway other than the firewall, since we believe that using the firewall's address as the gateway address is the reason for this loss of communication. We do want all internet traffic to go through the firewall, of course, but internal port-to-port communication we do not want to filter this way.

A quick and dirty description of our network would be: our off-site workstations use routers that connect to a T1 line that connects to our main site and into a large business switch. Our DC, application servers, web server and all workstations here at the main site also connect to this same switch, and this switch is directly connected to the firewall via a trusted connection. The firewall should only be filtering traffic from our Optional network and Internet traffic. Presently, since all of our workstations require internet access, we have the off-site routers pointed to the firewall's IP as the Gateway.

So ultimately, I guess my question is: is it possible for us to set the off-site routers to use the business switch's IP address as their gateway and set the business switch to use the firewall's IP address as its gateway? If we do this, will the off-site locations still be able to reach the internet, and will this configuration prevent internal network traffic from being filtered? Is there a better way of configuring these settings to keep our internal traffic free from being filtered through the firewall?

I realize this isn't really a Windows question so much as a network configuration question, but my lack of understanding of how flexible gateways are is my biggest obstacle on the matter.

Thanks!
Gabe
August 25th, 2010 5:02pm

Hi Gabelh81,

Thanks for posting here. After reading your post I understand that the firewall is the internet edge gateway device of your network, and you want all internet traffic, including the branch office's, to reach the internet via this device. If I misunderstand, please let me know.

Based on my understanding, this is the topology of your network:

Internet
   |
Firewall device
   |
Main office network ------ large business switch ------(T1)------ Router ------ branch network

Firstly, I'd like to say that the large business switch has to support third layer data transfer, meaning it must be a layer 3 switch. In that case you could set static routes on each device to implement your design. On the large business switch, set a default route to point to the firewall, and add some routes to point to the different IP segments which connect to it. Set a default route on the router of the branch to point to the large business switch, so that all traffic on the branch will be transferred to the business switch for further routing. With these settings, only the internet traffic will go through the firewall and be filtered; all internal traffic will not be affected.

Hope that's helpful.

Tiger Li
TechNet Subscriber Support in forum

If you have any feedback on our support, please contact tngfb@microsoft.com
Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
August 26th, 2010 7:02am
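The routing design in the answer above, as an added simulation that is not part of the thread: a longest-prefix-match lookup over constructed routing tables for the "before" layout (branch router defaults to the firewall) and the "after" layout (branch router defaults to the L3 switch, switch defaults to the firewall). The addressing, device names and the firewall's return route to the branch via the switch are all assumptions.

```python
import ipaddress

# Constructed addressing (an assumption, not from the thread): main site
# 10.1.0.0/24, branch LAN 10.2.0.0/24, T1 link 10.0.0.0/30. Next hops are
# device names rather than IPs to keep the tables readable.
CONNECTED = None  # marker: destination is on a directly attached segment

# Layout from the question: branch router's default route is the firewall,
# so every branch-to-main packet transits the firewall.
BEFORE = {
    "branch-router": [("10.2.0.0/24", CONNECTED), ("0.0.0.0/0", "firewall")],
    "firewall": [("10.1.0.0/24", CONNECTED), ("10.2.0.0/24", "branch-router"),
                 ("0.0.0.0/0", "internet")],
}

# Layout from the answer: branch defaults to the L3 switch, the switch knows
# every internal segment and defaults to the firewall. The firewall's route
# back to the branch via the switch is an assumption needed for replies.
AFTER = {
    "branch-router": [("10.2.0.0/24", CONNECTED), ("10.0.0.0/30", CONNECTED),
                      ("0.0.0.0/0", "switch")],
    "switch": [("10.1.0.0/24", CONNECTED), ("10.0.0.0/30", CONNECTED),
               ("10.2.0.0/24", "branch-router"), ("0.0.0.0/0", "firewall")],
    "firewall": [("10.1.0.0/24", CONNECTED), ("10.2.0.0/24", "switch"),
                 ("0.0.0.0/0", "internet")],
}

def lookup(table, device, dst):
    """Longest-prefix match on one device's table; returns the next hop."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, nexthop in table[device]:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nexthop)
    if best is None:
        raise LookupError(f"{device}: no route to {dst}")
    return best[1]

def trace(table, start, dst, down=()):
    """Follow next hops from start until delivered; raise if a hop is down."""
    path = [start]
    while True:
        nexthop = lookup(table, path[-1], dst)
        if nexthop is CONNECTED:
            return path          # delivered onto an attached segment
        if nexthop in down:
            raise RuntimeError(f"{path[-1]}: next hop {nexthop} is down")
        if nexthop in path:
            raise RuntimeError(f"routing loop at {nexthop}")
        path.append(nexthop)
        if nexthop == "internet":
            return path
```

Calling trace(BEFORE, "branch-router", "10.1.0.50", down={"firewall"}) reproduces the outage described in the question, while the same call against AFTER is delivered via the switch alone; internet-bound destinations still traverse the firewall in both layouts.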

Tiger,

Thanks for your response! You are correct in our network topology and how we are configured. Since the hardware we use was purchased before I was hired, I'm just not sure if we support 3rd layer data routing through our switch or not, but I will speak with my boss to find out if that's the case. If so, I will follow these instructions and post a follow-up here. I appreciate your time and the help.

Regards,
Gabe
August 26th, 2010 3:11pm

